Week in review: Rustock botnet shutdown, Etsy’s privacy snafu and the RSA hack

Here’s an overview of some of last week’s most interesting news and articles:

Anti-phishing tool detects fraudulent sites by analyzing their elements
A Hong Kong City University professor that concentrates his effort on ways for combating phishing has recently made public a piece of software that proactively detects phishing web sites.

Anonymous leaks incriminating Bank of America e-mails
Anonymous – the hacktivist group known for its DDoS attacks and support for WikiLeaks – has rendered public a collection of e-mails it exchanged with and has been given by a former employee of a loan insurer owned by the Bank of America.

PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks
The management of identities and online authentication are two problems to which so far only Public Key Infrastructure (PKI) has managed to give a secure and scalable answer to. This book aims at teaching you how to deploy PKI-based solutions and approaches the issue one step at a time, finally ending with case studies.

40th anniversary of the computer virus
This year marks the 40th anniversary of Creeper, the world’s first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010.

Medical identity theft: The growing cost of indifference
While consumers grasp the importance of protecting their medical and personal information, few individuals take the necessary precautions to avoid medical identity theft.

Penetration testing and certification
Stephen Sims works at Wells Fargo in San Francisco as a security architect and is a certified instructor for the SANS Institute. In this interview he discusses the prerequisites for penetration testing, the ethical considerations surrounding the job, IT security certifications as well as his training course at SANS Secure Europe Amsterdam 2011.

Twitter gives user always-on HTTPS option
Little by little, Twitter is heading towards a full HTTPS experience for its users by adding a user setting that, when selected, makes all the activities on your Twitter account encrypted by default.

Etsy privacy changes leave a lot to be desired
After Etsy’s privacy snafu that made its buyer’s full names and purchase histories available for everyone to see, the company moved fast and announced it made all purchases and feedback private by default. A laudable move, to be sure, but there are still some things that should be changed.

Cenzic at a glance
John Weinschenk, President & CEO of Cenzic, talks about the company and their product line. Cenzic focuses on Web application security, automating the process of identifying security defects at the Web application level, help customers in remediating those defects, manage risk and get compliance with regulations such as PCI.

Securing your network from malware
Protecting your systems and data from malware is an ongoing process that requires attention, consistency and diligence. While that sounds like a lot of work, it is really quite easy if you include these six areas in your regular system upkeep. It will also be significantly less work than cleaning up after a malware incident.

IronBee versus ModSecurity
Ivan Ristic, Director of engineering at Qualys, explains what is the difference between ModSecurity and IronBee.

5 tips to avoid Japan earthquake and tsunami scams
Unfortunately many cyber crooks are exploiting the tragedy in Japan to get money for unsuspecting surfers. Here are tips from Enigma Software to make sure you don’t become a scam victim.

Phishing HTML attachments bypass browser detection
Browsers like Firefox and Chrome are becoming more and more adept at spotting phishing pages. Indeed, they have become so successful that phishers are, once again, forced to find a new tactic.

Google extends SSL to developer facing APIs
Google, which has already taken care of its users and encrypted its Web Search, Gmail and Google Docs, has now turned its attention to the APIs used by developers.

A closer look at MacKeeper
MacKeeper (v1.0.3.) is a comprehensive bundle of various system utilities that will help you keep your Mac secure from malware; find it if it gets stolen; backup, restore, shred or encrypt files; clean you computer from unnecessary clutter; help you keep your applications up-to-date, and more.

RSA hacked, SecurID users possibly affected
In an open letter, Art Coviello, the executive chairman of RSA (the security division of EMC), made public the fact that the company has suffered a breach and data loss following an “extremely sophisticated cyber attack.”

Rustock botnet downed by Microsoft
As many security companies and experts noted in the last few days, the activities of the Rustock botnet came to a standstill.

RSA breach: Reactions from the security community
RSA, the security division of EMC, has suffered a breach and data loss following an “extremely sophisticated cyber attack.” Their investigation revealed that the information extracted from the company systems is related to its SecurID two-factor authentication products. sThe news of the incident spread through the information security community like wildfire and below are some of the comments received by Help Net Security.

More about

Don't miss